From 5851c34b92069dd955e862b856bb732eb263b058 Mon Sep 17 00:00:00 2001
From: Yannick Brosseau <scientist@fb.com>
Date: Thu, 3 Jul 2014 13:55:19 -0700
Subject: [PATCH 19/41] Don't go past the last element of indexVars in
findEntryByPath
We add a chance of creating an infinite loop, because we
were reading memory past the last element of indexVars set to -1.
This issue was only apparent with -O2, probably because the way the
memory was initialized.
Signed-off-by: Yannick Brosseau <scientist@fb.com>
---
grubby.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/grubby.c b/grubby.c
index 4516b92..4462fb9 100644
--- a/grubby.c
+++ b/grubby.c
@@ -1954,11 +1954,13 @@ struct singleEntry * findEntryByPath(struct grubConfig * config,
}
indexVars[i + 1] = -1;
-
+
i = 0;
if (index) {
- while (i < *index) i++;
- if (indexVars[i] == -1) return NULL;
+ while (i < *index) {
+ i++;
+ if (indexVars[i] == -1) return NULL;
+ }
}
entry = findEntryByIndex(config, indexVars[i]);
--
2.4.3